Privacy Practices

This notice describes how medical information about you may be used and disclosed by LifeCare Management Services and its hospitals, and how you may obtain access to this information. Please review it carefully.

Why is the Hospital providing me with this Notice?

This Notice of Privacy Practice for LifeCare Hospitals (“Hospital”) is being provided to you in accordance with the requirements of the Standards for Privacy of Individually Identifiable Health Information of the Health Insurance Portability and Accountability Act (the “HIPAA Privacy Rules”). The HIPAA Privacy Rules are federal laws that seek to ensure the privacy and confidentiality of your health information. The HIPAA Privacy Rules require the Hospital and its Business Associates to take certain actions to protect the privacy of your health information. This Notice has been prepared to advise you of the uses and disclosures of your Protected Health Information (PHI) (as defined below) that may be made by the Hospital and to advise you of your rights and the Hospital’s legal duties relating to the privacy of your PHI.

What is Protected Health Information?

PHI means information related to a past or present health condition that individually identifies you or could reasonably be used to identify you and is transferred to another entity or maintained by the Hospital in written, electronic or any other form.

Will the Hospital have access to my Protected Health Information?

Yes. Your PHI will be obtained by your physician, our hospital staff and others outside of our hospital that are involved in your care and treatment for the purpose of providing health care services to you.

When may the Hospital use or disclose my Protected Health Information?

The law permits the Hospital to use or disclose PHI to carry out “treatment,” “payment” and other “health care operations.” The Hospital is not required to obtain an authorization or notify you each time it uses or discloses your PHI information for treatment, payment or health care operations purposes. The following are examples of the types of uses and disclosures of your PHI that the Hospital is permitted to make, but is not meant to be exclusive.

Treatment: Treatment means the provision, coordination, or management of health care and related services by health care providers, including the coordination or management of health care by a health care provider with a third party (such as an insurer of the Hospital), consultation between providers with respect to a patient, and the referral of a patient for health care from one provider to another. For example, (i) the Hospital may disclose your PHI, as necessary to a home health agency that provides care to you, (ii) the Hospital may disclose PHI to other physicians who may be treating you, or (iii) your PHI may be provided to a physician to whom you have been referred to ensure that the physician has the necessary information to diagnose or treat you. In addition, the Hospital may disclose your PHI information from time-to-time to another physician or health care provider (e.g., a specialist or laboratory) who, at the request of your initial physician, becomes involved by providing assistance with your health care diagnosis or treatment. Another example is that the Hospital might disclose certain information about you to facilitate a pharmacy’s filling of your prescription.

Payment: Your PHI will be used, as needed, to obtain payment for your health care services. This may include certain activities that your health insurance plan may undertake before it approves or pays for the health care services the Hospital recommends for you, such as making a determination of eligibility or coverage for insurance benefits and reviewing services provided to you for medical necessity and undertaking utilization review activities. Another example is obtaining approval for a hospital stay, which may require that you’re relevant PHI be disclosed to a health plan to obtain approval for hospital admission.

Health Care Operations: The term “health care operations” means those other functions and activities that the Hospital performs in connection with providing health care. These activities include, but are not limited to, quality assessment activities, employee review activities, training of medical and other health care professional students, licensing, credentialing, underwriting, auditing functions, and conducting or arranging for other business and administrative activities. For example, the Hospital may disclose your PHI to medical students that are in training at the Hospital’s facilities. In addition, the Hospital may use a sign-in sheet at the registration desk at the Hospital’s facilities where you will be asked to sign your name and provide your address. The Hospital may also call you by name in the waiting room when your healthcare provider is ready to see you. The Hospital will share your PHI with third parties or “business associates” that perform various activities (e.g., billing information or transcription services). Whenever an arrangement between our facility and a business associate involves the use or disclosure of your PHI, the Hospital will have a written contract that contains terms that will protect the privacy of your PHI.

Will I be listed in a hospital directory, and how will that information be used?

The hospital may include your name and room number in a general listing of our current patients. This information, along with the phone number to your room, may be disclosed to members of the clergy and others persons asking for you by name. You may decide that you do not want to be included in this listing, and you have that right. If you do not want to be included, contact the facility Privacy Officer for assistance, and we will designate you as a No Information Patient.

Can the hospital share my Protected Health Information with my friends and family?

The hospital may share information related to your care or the payment of your care to individuals, including family, friends, or significant others, if you do not object, or to individuals that, in the best judgment of the professionals, will be responsible for assisting you with your care, or facilitating payment for your care. In an urgent or emergent situation, the hospital may share with responsible parties, your location and condition, if it is deemed to be in your best interests. In the event of your death, the hospital may share information about your death with family or friends who were involved in your care; the hospital may share billing information with them if they are involved in the payment of your care.

May the Hospital use or disclose my Protected Health Information for other purposes?

The Hospital may use or disclose your PHI to provide you with appointment reminders or information about your treatment alternatives or other health-related benefits and services that may be of interest to you. With your permission, and if requested, the hospital may send immunization results to a school for admission purposes if you are or will be attending that school.

Does the Hospital have to obtain an authorization in order to use or disclose my Protected Health Information for other purposes?

Yes. For uses or disclosures of PHI that are not made for treatment, payment, or health care operations purposes and for which no exception regarding an Authorization applies, the law requires the Hospital to obtain your Authorization. An Authorization is your approval for the Hospital’s disclosure of your PHI to a particular person or entity for a particular purpose. You may revoke an Authorization at any time, but a revocation is not effective if the Hospital has already reasonably relied on your Authorization to make a particular use or disclosure. Additionally, if you request that the Hospital make a use or disclosure of your PHI to a third party, the Hospital may require that you sign an Authorization that permits the Hospital to honor your request.

When might the Hospital use or disclose my Protected Health Information without my authorization?

As discussed above, the Hospital is not required to obtain your Authorization to use or disclose your PHI for treatment, payment or health care operations purposes. Additionally, there are some exceptions in which the law allows or requires the Hospital to use or disclose your PHI for purposes other than treatment, payment, or health care operations and without your Authorization. Most of these uses or disclosures are permitted to promote the government’s need to ensure a safe and healthy society. In some cases, you may be given an opportunity to agree or object before the use or disclosure is made, in other cases, you may not be given this opportunity. Whenever the Hospital makes these types of uses and disclosures, the Hospital will make every effort to ensure that it meets any necessary prerequisites and will not use or disclose your PHI more than is otherwise permitted under the law.

The types of uses or disclosures of PHI that may be made without your Authorization and without giving you the opportunity to object include those: required by law; for public health activities; for FDA-related purposes; to avert communicable or spreading diseases; for public health activities; to an employer to conduct medical surveillance evaluations, to address work-related illness/workplace injuries and for workers’ compensation purposes; for health oversight purposes (such as when the government requests certain information from Hospital to determine its compliance with applicable laws); when a judge or administrative tribunal orders the release of such PHI; to properly assist law enforcement to carry out their duties; as required by law for reporting certain types of wounds or other physical injuries; pursuant to a request from a law enforcement official if the individual is a victim of a crime; for purposes of identifying or locating a suspect, fugitive, material witness, or missing person; to a coroner or medical examiner for purposes of identifying a deceased person; to a funeral director as necessary to carry out services; for cadaveric organ, eye and tissue donations (where appropriate); to carry out clinical research that involves treatment where the proper body has determined the importance for doing so and compliance with the research authorization requirements are followed; to prevent serious and imminent threats to the health or safety of a person; to assist armed forces personnel and operations; for military service, veterans affairs separation/discharge matters; for federal intelligence, counter-intelligence and national security purposes; to help determine veteran eligibility status; to protect Presidential and other high-ranking officials; and for reporting to correctional institutions/law enforcement officials acting in a custodian capacity.

There are also several types of uses or disclosures of PHI that the Hospital may make without your Authorization as long as, whenever possible, you are given an opportunity to agree or object before the Hospital makes the use or disclosure. These exceptions are very limited and generally involve the release of a limited amount of PHI, and include, but are not limited to the following purposes: to maintain a directory of individuals; to aid your family members, close personal friends, or persons identified by you to assist in your care, payment of care, or in locating you; or disclosures to disaster relief personnel in order to locate you in the event of an emergency. If you are not available to agree or object to the use or disclosure of PHI due to your incapacity or an emergency circumstance, then the Hospital may, in the exercise of its professional judgment, determine whether the disclosure is in your best interests and, if so, disclose only the PHI that is relevant to your health care.

Will the Hospital use or disclose my Protected Health Information for marketing purposes?

While the Hospital does not anticipate using or disclosing your PHI for marketing purposes, under the HIPAA Privacy Rules, the Hospital may only make such uses or disclosures with your Authorization. The hospital will not sell your PHI. The Hospital may communicate with you face-to-face or provides you with some promotional gift of nominal value, in which case your Authorization would not be required.

Do I have the right to request additional restrictions on the uses or disclosures of my Protected Health Inform­ation?

Yes. You have the right to request additional restrictions relating to the Hospital’s use or disclosure of your PHI beyond those otherwise required under the HIPAA Privacy Rules. The Hospital is not legally required to agree to most of these requests. However, if you are paying for services directly out of pocket, and not filing any insurance you may request that we restrict release of payment related information for those services to your insurance carrier, and we must comply with this request once you have paid in full for those services. For additional information or to obtain the proper form for making such a request please contact Hospital’s Privacy Officer (referenced on the last page of this Notice).

May I request that certain confidential communications of my Protected Health Information be made to me at alternate locations?

Yes. The Hospital may communicate your PHI to you in a variety of ways, including by mail, Internet, email, fax or telephone. If you would like the Hospital to make its communications that involve PHI to you at an alternate location, you may contact the Hospital’s Privacy Officer (referenced on the last page of this Notice) to obtain the appropriate request form. The Hospital will accommodate reasonable requests and may require information as to how payment, if any, will be handled.

Do I have the right of access to inspect and copy my Protected Health Information?

Yes. You have the right to request and obtain access to inspect and copy your PHI maintained in the Designated Record Set by the Hospital unless an exception applies. The Hospital may deny you access to your PHI if the information is not required to be accessible under the HIPAA privacy Rules or other applicable law. For example, you do not have a right to access information compiled by the Hospital in anticipation of or for use in a civil, criminal or administrative proceeding.

You have the right to request a copy of your PHI in an electronic format, such as CD. If technically possible, we will produce a copy in electronic format. If not possible, we will provide it to you in a paper format. If your medical record is primarily maintained in an electronic medical record set, we will provide you with a copy in a readable electronic form if you desire.

You may direct the hospital to electronically transmit your PHI to another party. This request must be in writing, with your signature, and must designate to whom and where you want the information sent. Contact the hospital’s Privacy Officer for assistance with this request.

The Hospital may charge you a reasonable, cost-based fee for any electronic or paper copying (including the cost of supplies and labor) any PHI required to be copied to adequately respond to your access request, as well as any postage costs and costs associated with preparing an explanation or summary of the PHI necessary to adequately respond to your access request (unless otherwise precluded by applicable State or other law). If you would like to request access to your PHI, please notify the Hospital’s Privacy Officer (referenced on the last page of this Notice) so that you can complete the appropriate forms. Upon receipt of a valid request, the hospital is allowed a reasonable time, not to exceed 30 days, to prepare and grant the access to inspect or obtain a copy of the PHI.

Do I have the right to request an amendment to my Protected Health Information?

Yes. You have the right to request that the Hospital amend your PHI in your Designated Record Set. The Hospital reserves the right to deny or partially deny requests for amendments that are not required to be granted under HIPAA Privacy Rules. For example, the Hospital may deny a request for amendment when the PHI at issue is accurate and complete. If you would like to request an amendment of your PHI, please notify the Hospital’s Privacy Officer (referenced on the last page of this Notice) so that you can complete the appropriate forms.

Do I have the right to an accounting of disclosures of my Protected Health Information made by the Hospital?

Yes. You have the right to request and obtain a proper accounting of disclosures the Hospital has made of your PHI up to six years prior to the date on which the accounting is requested. [The Hospital is not required to account for all uses and disclosures of PHI that the Hospital makes. For example, the Hospital is not required to provide an accounting for disclosures made for treatment, payment, or health care operations purposes or for disclosures made with your Authorization]. Additionally, the Hospital reserves the right to limit its accountings to disclosures made after the compliance date of the HIPAA Privacy Rules.

The Hospital will provide you with your first accounting at no charge to you. If you request any additional accountings within a 12­-month period, the Hospital may charge you a reasonable, cost-based fee. At the time that you request a subsequent accounting, the Hospital will provide you with information regarding the fees, and you will have the opportunity to withdraw or modify your request if you wish to do so. If you would like to request an accounting of your PHI, please notify the hospital’s Privacy Officer (referenced on the last page of the Notice) so that you can complete the appropriate forms.

How will I know if there is a breach of my Protected Health Information?

The hospital will notify you in writing if there is a breach of your unsecured Protected Health Information, unless the investigation reveals a low probability that the protected health information has been compromised, or unless the situation falls within a legal exception.

What are the legal exceptions to notification about a breach of my Protected Health Information?

The Privacy Rule states that certain uses or disclosures of PHI do not require individual notification in three specific instances:

When there is an unintentional acquisition, access, use or disclosure of PHI by a employee or company representative that occurs in the course of their normal duties, and does not result in further use or disclosure in a manner that violates the rule.

An inadvertent disclosure from one HIPAA covered entity (such as a hospital or physician) to another HIPAA covered entity (such as a hospital or physician) that does not result in further use or disclosure.

A disclosure where the Hospital believes in good faith that the recipient could not have retained the information.

If I have an objection to the way my Protected Health Information is being handled, may I file a complaint?

Yes. The Hospital has procedures in place for receiving and resolving complaints. If you believe that the Hospital has violated your privacy rights or has acted inconsistently with its obligations under the HIPAA Privacy Rules, you may file a complaint by contacting the Hospital’s Privacy Officer by writing a letter addressed to the Hospital, Attention: Privacy Officer.

The Hospital requests that you attempt to resolve your complaint with the Hospital via these complaint procedures since the Hospital is in the best position to respond to your complaint. However, if you believe the Hospital has violated your privacy rights you may also file a complaint with the Office of Civil Rights (“OCR”) at the United States Department of Health and Human Services (“HHS”). You may contact the HHS OCR at: Medical Privacy, Complaint Division, Office of Civil Rights, United States Department of Health and Human Services, 200 Independence Avenue, S.W., Room 509F, HHH Building, Washington, D.C. 20201, Voice Hotline Number (800)368-1019, Internet Address www.hhs.gov/ocr.

It is against the policies and procedures of the Hospital to retaliate against any person who has filed a privacy complaint, either with us or with HHS OCR. Should you believe that you are being retaliated against in any way upon your filing a complaint with us rot he HHS OCR, please immediately contact the Hospital’s Privacy Officer, so that the Hospital may properly address the issue.

May the Hospital amend this Notice?

Yes. The Hospital is required to abide by the terms of this Notice. The Hospital may change the terms of this Notice, at any time. The new notice will be effective for all PHI that the Hospital maintains at that time. Upon your request, the Hospital will provide you with any revised Notice of Privacy practices. You may request a revised Notice of Privacy Practices by accessing our website at www.lifecare-hospitals.com calling us and requesting that a revised copy be sent to you in the mail or asking for one in person at the time of your next visit to our facility.

May I obtain a paper copy of this Notice?

Yes. You have the right to request and receive a paper copy of this Notice. If you received this Notice via the Internet or electronic mail and would like to receive a paper copy, please contact the Hospital’s Privacy Officer (referenced on the last page of this Notice).

What if I have additional questions that are not answered in this Notice?

If you have any questions, concerns or issues relating to the privacy of your PHI that is not covered in this Notice, please contact the Hospital’s Privacy Officer (referenced below).

How do I contact the Hospital’s Privacy Officer?

You may contact the Hospital’s Privacy Officer by writing a letter addressed to the Hospital, Attention: Privacy Officer. (see attached document)